ComboFix 08-06-20.4 - anna 2008-06-26 2:08:40.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1103 [GMT 2:00]
ausgeführt von:: C:\Users\anna\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\huwawuyb.ini
C:\Windows\system32\oPijiHwU.dll
C:\Windows\system32\UwHijiPo.ini
C:\Windows\System32\UwHijiPo.ini2
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-26 bis 2008-06-26 ))))))))))))))))))))))))))))))
.
Keine neuen Dateien erstellt in diesem Zeitraum
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 00:15 --------- d-----w C:\Users\anna\AppData\Roaming\Skype
2008-06-26 00:13 --------- d-----w C:\Users\anna\AppData\Roaming\Free Download Manager
2008-06-26 00:07 --------- d-----w C:\Users\anna\AppData\Roaming\OpenOffice.org2
2008-06-25 23:29 --------- d-----w C:\Users\anna\AppData\Roaming\skypePM
2008-06-25 18:30 81,920 ----a-w C:\Windows\System32\byuwawuh.dll
2008-06-25 18:30 106,496 ----a-w C:\Windows\System32\sworppad.dll
2008-06-25 18:28 91,136 ----a-w C:\Windows\System32\stfasamf.dll
2008-06-25 13:10 91,136 ------w C:\Windows\System32\bsuthjdt.dll
2008-06-25 12:10 99,840 ----a-w C:\Windows\System32\untmnqcm.dll
2008-06-25 12:08 91,136 ----a-w C:\Windows\System32\xckjlnre.dll
2008-06-25 10:07 99,840 ----a-w C:\Windows\System32\ssfkjjbv.dll
2008-06-25 10:05 91,136 ----a-w C:\Windows\System32\ydddtyfv.dll
2008-06-24 12:16 91,136 ----a-w C:\Windows\System32\ifrhjixy.dll
2008-06-24 12:16 105,472 ----a-w C:\Windows\System32\ndkvmkvv.dll
2008-06-24 11:30 --------- d-----w C:\Users\anna\AppData\Roaming\Azureus
2008-06-23 21:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-23 19:55 105,984 ----a-w C:\Windows\System32\qakdfnuv.dll
2008-06-23 19:49 91,136 ----a-w C:\Windows\System32\dmgjkmqk.dll
2008-06-23 19:45 105,984 ----a-w C:\Windows\System32\ikipxbqj.dll
2008-06-23 19:40 91,136 ----a-w C:\Windows\System32\ewlenwod.dll
2008-06-23 19:39 105,984 ----a-w C:\Windows\System32\blluqkhl.dll
2008-06-23 19:33 91,136 ----a-w C:\Windows\System32\mllweect.dll
2008-06-23 19:29 105,984 ----a-w C:\Windows\System32\nokuexfi.dll
2008-06-23 19:24 91,136 ----a-w C:\Windows\System32\capxruhw.dll
2008-06-23 19:22 105,984 ----a-w C:\Windows\System32\vboitjme.dll
2008-06-23 19:20 91,136 ----a-w C:\Windows\System32\xvdtqcgk.dll
2008-06-23 19:20 --------- d-----w C:\Program Files\Azureus
2008-06-23 18:22 --------- d-----w C:\Users\anna\AppData\Roaming\Image Zone Express
2008-06-23 17:59 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-06-23 16:57 --------- d-----w C:\Program Files\MagicISO
2008-06-23 13:56 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-23 13:55 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-22 20:02 --------- d-----w C:\Program Files\Lavalys
2008-06-22 19:51 --------- d-----w C:\ProgramData\FLEXnet
2008-06-22 01:48 --------- d-----w C:\Program Files\ZSoft
2008-06-21 14:53 --------- d-----w C:\Program Files\Safari
2008-06-17 23:31 --------- d-----w C:\Program Files\MSBuild
2008-06-17 23:31 --------- d-----w C:\Program Files\Microsoft Works
2008-06-17 23:27 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-15 15:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 15:12 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-06-15 15:10 --------- d-----w C:\ProgramData\ALM
2008-06-15 14:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-14 18:11 --------- d-----w C:\Users\anna\AppData\Roaming\Talkback
2008-06-14 18:11 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-06-13 01:15 --------- d-----w C:\Program Files\Windows Mail
2008-06-12 23:01 --------- d-----w C:\Users\anna\AppData\Roaming\Malwarebytes
2008-06-12 23:01 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-12 23:01 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 12:53 --------- d-----w C:\Program Files\Foxit Software
2008-06-12 09:44 --------- d-----w C:\Program Files\Panda Security
2008-06-12 09:15 --------- d-----w C:\Program Files\Trend Micro
2008-06-11 12:49 --------- d-----w C:\Program Files\CCleaner
2008-06-10 20:54 --------- d-----w C:\Users\anna\AppData\Roaming\Apple Computer
2008-06-10 17:02 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-06-09 22:01 --------- d-----w C:\Users\anna\AppData\Roaming\phonostar-Player
2008-05-25 21:57 --------- d-----w C:\ProgramData\FreeDownloadManager.ORG
2008-05-25 21:57 --------- d-----w C:\Program Files\Free Download Manager
2008-05-22 22:46 --------- d-----w C:\Program Files\Canon
2008-05-22 22:45 --------- d-----w C:\Program Files\Common Files\Canon
2008-05-20 12:56 --------- d-----w C:\Program Files\Bonjour
2008-05-19 21:34 --------- d-----w C:\Program Files\Red Kawa
2008-05-19 21:34 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-15 15:59 --------- d-----w C:\Program Files\MODupRemover
2008-05-13 21:29 --------- d-----w C:\Users\anna\AppData\Roaming\gtk-2.0
2008-05-13 19:03 --------- d-----w C:\Program Files\GIMP-2.0
2008-05-13 18:54 --------- d-----w C:\Program Files\Apple Software Update
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-06 19:07 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-06 19:07 --------- d-----w C:\Program Files\Common Files\Real
2008-05-03 11:30 --------- d-----w C:\Program Files\VoipCheapCom
2008-05-03 11:25 --------- d-----w C:\Users\anna\AppData\Roaming\VoipCheapCom
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-23 04:27 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-04-23 04:27 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-22 16:26 106,496 ----a-w C:\Windows\System32\HPSTDSoap.dll
2008-04-22 16:02 163,840 ----a-w C:\Windows\System32\hppatusg01.dll
2008-04-22 16:02 126,976 ----a-w C:\Windows\System32\HPDevEnm.dll
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-08 00:21 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-08 00:21 32 ----a-w C:\ProgramData\ezsid.dat
2007-09-15 10:41 0 ----a-w C:\Users\anna\AppData\Roaming\wklnhst.dat
2007-09-14 17:42 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot_2008-06-25_19.58.47.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 17:47:32 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-26 00:14:23 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-25 17:48:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-26 00:14:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-26 00:14:54 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-25 17:48:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-26 00:14:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-26 00:14:54 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-25 17:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-26 00:04:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-25 17:38:32 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-26 00:04:04 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-25 17:38:32 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-26 00:04:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-25 17:15:20 11,762 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1416638823-3723293513-1189148302-1000_UserData.bin
+ 2008-06-26 00:08:28 12,086 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1416638823-3723293513-1189148302-1000_UserData.bin
- 2008-06-25 17:15:20 73,446 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-26 00:08:27 73,772 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-22 20:53:57 69,884 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-25 23:31:30 70,312 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FB57166-9239-45B7-8F8B-7B6645007B18}]
C:\Windows\system32\geBTKCUK.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{612f704d-db98-4509-a200-bcc398ba55d3}]
2008-06-25 20:30 106496 --a------ C:\Windows\system32\sworppad.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
C:\Windows\system32\fccdCVLF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4FFFF6C-3FB4-4E59-B906-432858DC78FF}]
C:\Windows\system32\nNeFuusS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C416905B-15F8-4184-8779-01E197CE9E64}]
C:\Windows\system32\opnLBsPI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:11 1232896]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"PhonostarAgent"="C:\Program Files\phonostar\ps_agent.exe" [2007-12-05 17:10 98304]
"PhonostarTimer"="C:\Program Files\phonostar\ps_timer.exe" [2007-12-05 17:14 126976]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [2007-02-20 14:23 7202360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 09:01 437160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 17:37 3772416 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 21:43 729088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 20:46 153136]
"KnexStarter"="C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe" [2008-04-22 18:26 73728]
"RunTasktray"="C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" [2008-04-22 16:33 69120]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-17 08:54 12288]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 13:21 563080]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-16 09:52 262401]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-26 11:53 492912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 21:07 185896]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"dc98ce51"="C:\Windows\system32\byuwawuh.dll" [2008-06-25 20:30 81920]
"BMdfabfdcd"="C:\Windows\system32\stfasamf.dll" [2008-06-25 20:28 91136]
C:\Users\anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]
Windows Calendar.lnk - C:\Program Files\Windows Calendar\WinCal.exe [2007-09-14 19:34:29 967168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-10-12 18:51:48 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{ACED1C9F-2718-4512-9F69-F4E28C1F484F}"= C:\Windows\system32\fccdCVLF.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4DD84CE-E17A-4B85-A1FC-89B2F1AC2696}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4BDAD0C4-480A-4EED-820F-36D05F16A69D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{10526763-4111-453A-94E1-CD41D5BBF8F4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98B96728-6812-44F6-ABD4-AC834EA74052}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1FBF5C60-29FE-4EED-BEFF-0E68502FE8A8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{198FD9A9-8D1C-437E-8934-02CE13FA261B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{2B3F9092-4D4B-463B-8A1F-CD9663F0CFE3}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{B90A9CC3-4E22-4495-BDC1-149042B05A25}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{4208924E-746A-490D-B832-AAB5C480E9CF}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{C34F8FB0-B3EE-4AD8-AC3C-FBA121A3A399}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{BDFB26BF-A458-4D7F-B0E4-3E225BF0B3C4}C:\\users\\anna\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\anna\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{53B37A4F-78CF-41AB-B5BB-90CA3BAC4CAA}C:\\users\\anna\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\anna\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{6D139940-0319-46E6-8FA4-3B25777B2F66}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{D3EF685E-4C9F-454C-BB58-F728DB5891DB}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{72391A80-B41F-479C-BEA5-6751235BEAB6}"= UDP:14456:Azureus Ernesto
"{7069354F-D9E1-4163-92C9-BF8185696B4A}"= UDP:990:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{B39B93FB-2FBE-441E-A769-9879B4AA8D4C}"= UDP:5721:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{2B89BADB-858F-4D87-B424-553326801DEC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{5402CB27-D5E3-4EA4-BC52-5FE3996D9700}"= UDP:5678:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{E72C1562-EC42-4E0D-A5CD-9C01B006B94A}"= UDP:999:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{DD78AB46-AEA1-4B5F-8687-8F32851F9DDE}"= UDP:26675:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{A8823093-17C5-4847-AC32-76E2AAEF28D4}"= UDP:990:LocalSubnet:LocalSubnet|IF={C29C566D-2C68-4F2F-93CA-A2F67648073B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"TCP Query User{5EE102DD-77F2-4B13-96D6-C1D7B49FD5C9}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{348F674C-BC6E-4FD1-8AC0-0A406D91F22C}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"{5BF24BF5-441A-468B-8DD2-4C36D44BD65B}"= UDP:50001:Azureus1
"{3E216593-E634-4675-A942-3DFA993F946C}"= TCP:50001:Azureus
"TCP Query User{6433B0AC-5BE9-4CDA-A3DF-F084E6BD448B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B8C8451D-DCBE-40FE-B94B-E7E5AAE90545}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B45340CD-19A2-4919-982C-E2D658D2A78C}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{D63AA736-5F00-4A83-98D7-474DC3F769A8}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"TCP Query User{4EBB9B60-90E1-4A74-9A92-3B0C317A529B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{239D9813-9FDE-4B1F-A9C0-27BF8CC2BA86}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{C032C1E6-5D79-451A-986C-9C2D52F62EDB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6B960225-2769-451E-A922-DDD3F47FF263}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{20690B30-AA11-47B0-9C5C-A45FECED7E46}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{62B8C8AA-33BB-431D-A304-BAAD09FE530A}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{8658AE57-944E-4D6E-A678-2C3BC776B3C3}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{66DEB1B8-47BA-40D1-A3C0-553362FDD4F5}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{B01F66D4-D01F-45F3-B68C-F2A15F193338}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"TCP Query User{9D7A1FC2-BF54-492B-81CD-AEEBAEFECA62}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A768B4C9-BC45-4F77-A2A9-6DEA03E34A74}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9F490FD0-2012-4B63-AC48-151E4E5C6F22}C:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{FBBE60F0-19F6-49F1-A578-A27B3BA739B5}C:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:C:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{4DC66C16-0BCB-4707-92AD-CD318C6D2827}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{980D8D50-2739-49AD-B50C-EB00E087D09A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1C86748D-F9BB-403B-A578-715E6AC616D9}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= UDP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"UDP Query User{A552AD9C-D0F6-4661-8B74-F3E7315ABC38}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= TCP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"TCP Query User{4B5B902A-6B86-46AB-AB60-CB020DCE5FC5}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= UDP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"UDP Query User{AD7D1EF4-64D9-467E-A071-C29AFEE84099}C:\\users\\anna\\appdata\\local\\simplify media\\simplifypeer.exe"= TCP:C:\users\anna\appdata\local\simplify media\simplifypeer.exe:simplifypeer.exe
"{E9B59808-1730-47D5-A189-2CCE92454CB0}"= UDP:3703:Adobe Version Cue CS3 Server
"{D7ABB33D-F793-401E-A280-9297AD1623C4}"= UDP:3704:Adobe Version Cue CS3 Server
"{D16F40C8-57F5-4EFF-84CC-B65232453516}"= UDP:50900:Adobe Version Cue CS3 Server
"{2EA09634-5A07-45BF-A710-FC2950588A97}"= UDP:50901:Adobe Version Cue CS3 Server
"{C3F0AC92-2A75-4C57-AD85-0A75D5A2B226}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{E84C285E-A2A1-4DDC-9CF9-6168DC8EBA5D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{BB9EFCD5-F61E-4153-9A62-C84DEF0F75D8}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FE5F5D0A-4147-43F7-9566-76D99048689C}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6D9CB51B-A169-4088-9F80-8E0A1E335E52}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DC79A8F5-BB38-41E5-A38B-6CA29F33C717}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F92D78BB-2B0F-439C-9B17-911A613B3CE4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7543D86C-D957-4F5F-99DF-784A35EE011E}C:\\program files\\free download manager\\fdm.exe"= UDP:C:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{4B10F0DD-0670-4C79-B859-92F04FDF2039}C:\\program files\\free download manager\\fdm.exe"= TCP:C:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{9B103C43-9B66-4DA3-BF6F-1F833E134B3A}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C5B03868-DF33-4E23-9BE3-D1319963CF21}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{EEF9B25A-4034-4353-BA67-596D32905343}C:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{45A828D4-7499-481A-881A-C0433C391556}C:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= C:\Program Files\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 11:53]
R2 RapiMgr;Windows Mobile-basierte Geräteverbindung;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 10:52]
R2 WcesComm;Windows Mobile 2003-basierte Geräteverbindung;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys [2007-05-07 13:48]
S3 Droppix Service;Droppix Service;"C:\Program Files\Common Files\Droppix\DxService.exe" [2007-04-05 18:00]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-06-10 19:02]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a
.
Inhalt des "geplante Tasks" Ordners
"2008-06-25 17:12:24 C:\Windows\Tasks\WebReg Photosmart C3100 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 02:15:14
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\byuwawuh.dll
-> C:\Windows\system32\stfasamf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-06-26 2:27:26 - machine was rebooted [anna]
ComboFix-quarantined-files.txt 2008-06-26 00:26:11
ComboFix2.txt 2008-06-25 18:02:15
ComboFix3.txt 2008-06-12 11:26:46
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
350 --- E O F --- 2008-06-22 20:46:35